Cyber Defense Advisors

Year: 2024

Home / News / 2024 / Page 207

FAQs Regarding CMMC Preliminary Assessments

FAQs Regarding CMMC Preliminary Assessments Introduction: As the Cybersecurity Maturity Model Certification (CMMC) becomes integral for collaboration with the Department of Defense (DoD), organizations within the Defense Industrial Base (DIB) are confronting the intricacies of attaining compliance. Central to navigating this process successfully is the CMMC preliminary assessment—a crucial evaluative step that primes organizations for […]

CMMC Feasibility
  • by
  • March 30, 2024

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims’ Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a […]

Cyber News
  • by
  • March 30, 2024

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

RedHat on Friday released an “urgent security alert” warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts […]

Cyber News
  • by
  • March 29, 2024

Friday Squid Blogging: The Geopolitics of Eating Squid

New York Times op-ed on the Chinese dominance of the squid industry: China’s domination in seafood has raised deep concerns among American fishermen, policymakers and human rights activists. They warn that China is expanding its maritime reach in ways that are putting domestic fishermen around the world at a competitive disadvantage, eroding international law governing […]

Cyber News
  • by
  • March 29, 2024

Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

Security vulnerabilities discovered in Dormakaba’s Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based company […]

Cyber News
  • by
  • March 29, 2024

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. “TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024,” the […]

Cyber News
  • by
  • March 29, 2024

The Golden Age of Automated Penetration Testing is Here

Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving […]

Cyber News
  • by
  • March 29, 2024

Lessons from a Ransomware Attack against the British Library

You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but. Tags: cyberattack, ransomware, reports Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News
  • by
  • March 29, 2024

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

Details have emerged about a vulnerability impacting the “wall” command of the util-linux package that could be potentially exploited by a bad actor to leak a user’s password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante. It has been described as […]

Cyber News